From 3eeb45c460c786be9126bb08e8eb46c6ba0de13b Mon Sep 17 00:00:00 2001
From: eric
Date: Mon, 5 Apr 2021 15:50:11 +0000
Subject: [PATCH] Until tls_accept_socket() succeeds, the tls context bound to a session belongs to the listener, and should not be freed with that session if an error occurs before. Unlink it from the session early in the accept callback to avoid this. tweaks and ok millert@
---
 usr.sbin/smtpd/ioev.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/usr.sbin/smtpd/ioev.c b/usr.sbin/smtpd/ioev.c
index 109a2c3c8ba..b83a3590aa2 100644
--- a/usr.sbin/smtpd/ioev.c
+++ b/usr.sbin/smtpd/ioev.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ioev.c,v 1.44 2021/03/05 12:37:32 eric Exp $ */
+/* $OpenBSD: ioev.c,v 1.45 2021/04/05 15:50:11 eric Exp $ */
 /*
 * Copyright (c) 2012 Eric Faurot
 *
@@ -883,22 +883,24 @@ void
 io_dispatch_accept_tls(int fd, short event, void *humppa)
 {
 struct io *io = humppa;
- struct tls *cctx = NULL;
+ struct tls *tls = io->tls;
 int ret;
 io_frame_enter("io_dispatch_accept_tls", io, event);
+ /* Replaced by TLS context for accepted socket on success. */
+ io->tls = NULL;
+
 if (event == EV_TIMEOUT) {
 io_callback(io, IO_TIMEOUT);
 goto leave;
 }
- if ((ret = tls_accept_socket(io->tls, &cctx, io->sock)) == 0) {
- io->tls = cctx;
+ if ((ret = tls_accept_socket(tls, &io->tls, io->sock)) == 0) {
 io_reset(io, EV_READ|EV_WRITE, io_dispatch_handshake_tls);
 goto leave;
 }
- io->error = tls_error(io->tls);
+ io->error = tls_error(tls);
 io_callback(io, IO_ERROR);
 leave:
--
2.20.1
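Review bot: The comment added above `io->tls = NULL;` in io_dispatch_accept_tls() says what replaces the pointer on success but not why it is cleared, and that reason is the invariant the function now depends on. Per the commit message the context belongs to the listener until tls_accept_socket() succeeds, so the session must not hold it when the IO_TIMEOUT or IO_ERROR callback runs; I would word the comment as `/* Listener-owned until tls_accept_socket() succeeds; unlink so session teardown cannot free it. */`. Separately, `io->error = tls_error(tls);` stores a string taken from the listener's context, so it is presumably valid only until that shared context records another error; a one-line comment that the IO_ERROR callback must consume it before returning would make that lifetime explicit. The function body continues past `leave:` outside the hunk.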